NIST • 17th August 2023

Developing Cybersecurity and Privacy Concept Mappings

NIST Internal Report (IR) 8477 ipd, Mapping Relationships Between Documentary Standards, Regulations, Frameworks, and Guidelines: Developing Cybersecurity and Privacy Concept Mappings, explains NIST’s proposed approach for identifying and documenting relationships between concepts such as controls, requirements, recommendations, outcomes, technologies, functions, processes, techniques, roles, and skills.

NIST • 8th August 2023

NIST Cybersecurity Framework 2.0 Draft

NIST has released a Draft of The NIST Cybersecurity Framework (CSF) 2.0 for public comment! This draft represents a major update to the CSF—a resource first released in 2014 to help organizations reduce cybersecurity risk. The draft update reflects changes in the cybersecurity landscape and makes it easier to put the CSF into practice for all organizations.

TechTarget • 4th August 2023

8 vulnerability management tools to consider in 2023

Once an organization implements a vulnerability management program, the next step is providing the program's team with powerful vulnerability management tools to automate as many tasks as possible. Evaluate these eight open source and vendor-supported vulnerability management tools.

EdTech • 1st August 2023

Setting Up a Secure Multifactor Authentication Solution

Attackers frequently target authentication solutions, including MFA services, and a poorly secured MFA implementation can provide a way for an attacker to compromise many accounts at once. You can take the following steps to help ensure that your university’s MFA solution is properly secured — and stays that way.

FedTech • 7th July 2023

Take These Steps to Plan for Ransomware Attacks

Take advantage of these lessons learned to protect your agency’s systems and data.

TechTarget • 20th June 2023

Blockchain security: Everything you should know for safe use

Despite its reputation, blockchain is subject to many of the same vulnerabilities as other software. It helps to have a clear idea of its inherent strengths and weaknesses.

TechTarget • 25th May 2023

Smart contract benefits and best practices for security

While smart contracts promise enormous benefits in the enterprise, they also present opportunities for cybercriminals. Explore best practices to keep them secure.

NIST • 17th May 2023

SP 800-124 Revision 2, Guidelines for Managing the Security of Mobile Devices in the Enterprise

This publication assists organizations in managing and securing mobile devices against the ever-evolving threats. To address these threats, this publication describes technologies and strategies that can be used as countermeasures and mitigations.

TechTarget • 16th May 2023

How to build a better vulnerability management program

Let's look at how to improve your organization's vulnerability management, whether it already has a vulnerability management program or is thinking about starting one. The following five steps are key to building a better vulnerability management program.

Cybersecurity Guide • 12th May 2023

An interview with Karen Scarfone

On today’s show our guest is Karen Scarfone. She’s the principal consultant for Scarfone Cybersecurity in Clinton, Virginia. We’re going to be talking about small businesses and cybersecurity.

NIST • 3rd May 2023

SP 1800-36 (Draft), Trusted IoT Device Network-Layer Onboarding and LC Management

Trusted network-layer onboarding, in combination with additional device security capabilities such as device attestation, application-layer onboarding, secure lifecycle management, and device intent enforcement could improve the security of networks and IoT devices.

NIST • 25th April 2023

Implementing Data Classification Practices

The NCCoE is collaborating with technology providers to build several example data classification solutions and demonstrate their ability to meet organizational data classification needs. The project’s objective is to define product-agnostic recommended practices for defining data classification schemes and communicating them to others.

TechTarget • 19th April 2023

Top 7 Data Loss Prevention Tools for 2023

Some DLP tools encompass the entire organization -- and these are the focus of this article. First let's discuss some must-have features and capabilities. Then, take a close look at seven enterprise DLP tools for the information needed when evaluating the best product for your company's needs.

Cybersecurity Guide • 18th April 2023

NIST and small business cybersecurity

This guide provides an overview of the existing free resources and the latest programs for small business cybersecurity from NIST.

TechTarget • 17th April 2023

How to build a cybersecurity deception program

To build a cybersecurity deception program, security leaders need a thoughtful and strategic approach. Consider the following best practices.

TechTarget • 11th April 2023

Centralized vs. decentralized identity management explained

Learn about centralized vs. decentralized identity management, as well as the advantages and disadvantages of each, from two viewpoints: organizations that want to verify user identities and individuals that want to access organizations' resources and services.

Blog • 24th March 2023

Cyber Guidance for Small Businesses

How can the security community better bridge the gaps between Big Guidance and small business?

EdTech • 23rd March 2023

How to Detect and Respond to Bot Attacks in Higher Education

Bots continue to become more capable and harder to detect, so it’s more important than ever that you know how to prepare for them, spot them and stop them.

NIST • 13th March 2023

SP 800-219 Rev. 1, Automated Secure Configuration Guidance from the mSCP

This publication introduces the mSCP, describes use cases for leveraging the mSCP content, and introduces a new feature of the mSCP that allows organizations to customize security rules more easily.

TechTarget • 6th March 2023

How to create an incident response playbook

Here's a crash course in what incident response playbooks are, why they are important, how to use them and how to build them.